Start creating an EC2 instance: click Launch Instance.
Set Name to splunk and leave the remaining settings at their defaults.
Select the key pair (kimchiking), then click the Launch instance button to create the instance.
Navigate to the new instance and copy its public IPv4 address.
SSH into the instance and perform an update:
ssh -i kimchiking.pem [email protected]
sudo yum update -y
Run wget in the terminal to download the install file, then install the Splunk .rpm file:
wget -O splunk-9.0.2-17e00c557dc1-linux-2.6-x86_64.rpm "https://download.splunk.com/products/splunk/releases/9.0.2/linux/splunk-9.0.2-17e00c557dc1-linux-2.6-x86_64.rpm"
sudo yum install ./splunk-9.0.2-17e00c557dc1-linux-2.6-x86_64.rpm
Start the Splunk server:
sudo bash
cd /opt/splunk/bin
./splunk start --accept-license --answer-yes
./splunk start
Enter an administrator username and password. Remember them, because you will need them to log in to the application.
In AWS, navigate to the EC2 instance's Security groups.
Edit inbound rules.
Add a rule to open port 8000 and Save rules.
Open a browser, navigate to http://54.82.123.72:8000 and log in to Splunk.
Navigate to Settings > Server settings and then General settings.
Under Index settings, change Pause indexing if free disk space from 5000 to 50 and Save.
Splunk Enterprise Server